OSDN Git Service
Try to avoid covscan freaking out about sscanf with %n.
covscan says:
5. efibootmgr-0.8.0/src/lib/disk.c:96:tainted_data_argument – Calling
function "fgets(char * restrict, int, FILE * restrict)" taints argument
"line".
10. efibootmgr-0.8.0/src/lib/disk.c:103:vararg_transitive – Call to
"sscanf(char const * restrict, char const * restrict, ...)" with
tainted argument "line" taints "major".
11. efibootmgr-0.8.0/src/lib/disk.c:103:vararg_transitive – Call to
"sscanf(char const * restrict, char const * restrict, ...)" with
tainted argument "line" taints "scanned".
13. efibootmgr-0.8.0/src/lib/disk.c:103:tainted_data – Using tainted
variable "scanned" as an index into an array "line".
I *think* that's really complaining that if sscanf fails before
processing %n, then "scanned" is indeterminate here. So I've assigned
it to 0.
Either way, if any of that goes wrong, the code's going to completely
fail.
Signed-off-by: Peter Jones <pjones@redhat.com>
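
The pattern the commit message describes, as an added example that is not part of this commit or of efibootmgr's code: the `%n` offset starts at 0, the `sscanf` return value is checked, and the offset is bounds-checked before it indexes the line. The helper name `parse_major_line` and the `<major> <name>` line format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from efibootmgr): parse a "<major> <name>" line,
 * the shape assumed here for input read with fgets().
 * Returns 0 and sets *major / *name on success, -1 on any parse failure. */
static int parse_major_line(const char *line, int *major, const char **name)
{
    int value;
    int scanned = 0;    /* %n is never written if matching stops before it */

    /* %n does not count toward the return value, so success is exactly 1. */
    if (sscanf(line, "%d %n", &value, &scanned) != 1)
        return -1;

    /* Bounds-check the offset before it is used as an index into line. */
    if (scanned <= 0 || (size_t)scanned > strlen(line))
        return -1;

    /* Require a non-empty name after the number. */
    if (line[scanned] == '\0')
        return -1;

    *major = value;
    *name = line + scanned;
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real system. */
    const char *samples[] = { "253 virtblk", "virtblk", "", "253", "  8 sd" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int major = -1;
        const char *name = NULL;

        if (parse_major_line(samples[i], &major, &name) == 0)
            printf("\"%s\" -> major=%d name=%s\n", samples[i], major, name);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```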